In a follow-up to his previous entry on his "top two security practices", Chris Shiflett responds with a more specific definition of what he meant by the two rules: filter input and escape output.
These are essentially "the least you can do" in terms of security. I consider anything less to be negligent (we all make mistakes, but these mistakes should be the exception and not the norm).
Of course, my simple list leaves out many details, and that's fine. As I mentioned before, this list provides a broad perspective that helps to keep you on track while you focus on the details. I'm trying to help you focus on what's most important, because it's not always practical to implement every safeguard that you know.
He also corrects a few assumptions made over on Robert Peake's weblog, so that accurate information is presented on this important security issue.
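The two rules in practice, as an added example (not code from Shiflett's post or either weblog): input is validated against a whitelist as soon as it arrives and rejected if it does not match, and every value is escaped for the specific context (HTML body, URL query string) at the moment it is written out. The field names, patterns and sample request data are constructed for illustration.

```python
"""Filter input, escape output: a minimal worked example."""
import html
import re
import urllib.parse

# Whitelist rules: each field is accepted only if it matches an allowed pattern.
# Anything that fails validation is rejected outright, not "cleaned up".
RULES = {
    "username": re.compile(r"^[A-Za-z0-9_]{1,32}$"),
    "age": re.compile(r"^[0-9]{1,3}$"),
}


def filter_input(raw: dict) -> dict:
    """Return validated values; raise ValueError on any field that fails.

    Only fields with a rule are kept, so unexpected parameters are dropped.
    """
    clean = {}
    for name, pattern in RULES.items():
        value = raw.get(name, "")
        if not isinstance(value, str) or not pattern.fullmatch(value):
            raise ValueError(f"invalid value for {name!r}")
        clean[name] = int(value) if name == "age" else value
    return clean


def escape_for_html(value) -> str:
    """Escape a value immediately before it is written into an HTML body."""
    return html.escape(str(value), quote=True)


def escape_for_url(value) -> str:
    """Escape a value immediately before it is placed in a URL query string."""
    return urllib.parse.quote(str(value), safe="")


def render_profile(raw: dict) -> str:
    """Build a profile snippet: filtered on the way in, escaped on the way out."""
    clean = filter_input(raw)
    return (
        f'<a href="/users?name={escape_for_url(clean["username"])}">'
        f'{escape_for_html(clean["username"])}</a> is '
        f'{escape_for_html(clean["age"])} years old'
    )


if __name__ == "__main__":
    # Constructed sample request data, not taken from any real application.
    print(render_profile({"username": "alice_1", "age": "34", "role": "admin"}))
    try:
        render_profile({"username": "<script>", "age": "34"})
    except ValueError as exc:
        print("rejected:", exc)
```

Note that the unexpected "role" parameter is silently dropped by the whitelist rather than passed through, and that escaping happens per output context rather than once on input.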